package com.xxgc.springboot.config;


import com.xxgc.springboot.realm.UserRealm;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.mgt.SecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;


import java.util.LinkedHashMap;
import java.util.Map;

/**
 * @program: springboot
 * @description: Shiro的配置
 * @author: Mr.abel(ShiJiaYi)
 * @create: 2022-09-29 10:27
 **/
@Configuration
public class ShiroConfig {

    /**
     * 设置Shiro的Md5加密
     */
    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher(){
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        //加密算法
        hashedCredentialsMatcher.setHashAlgorithmName("md5");
        //散列次数 - 加密次数
        hashedCredentialsMatcher.setHashIterations(2);
        return hashedCredentialsMatcher;
    }

    //配置用户密码是否加密等操作
    @Bean
    public UserRealm getUserRealm(){
        UserRealm userRealm = new UserRealm();
        //密码需要MD5进行加密
        userRealm.setCredentialsMatcher(hashedCredentialsMatcher());
        return userRealm;
    }
    //有哪些终端可以使用
    @Bean
    public DefaultWebSecurityManager getDefaultWebSecurityManager(@Qualifier("getUserRealm")UserRealm userRealm){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //让用户Realm可以登录
        securityManager.setRealm(userRealm);
        return securityManager;
    }

    //1、配置哪些需要拦截
    @Bean
    public ShiroFilterFactoryBean getShiroFilterFactoryBean(
            @Qualifier("getDefaultWebSecurityManager") DefaultWebSecurityManager defaultWebSecurityManager){
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        //配置管理登录对象的Manager
        factoryBean.setSecurityManager(defaultWebSecurityManager);
        //用于配置拦截规则
        Map<String, String> map = new LinkedHashMap<>();
        /**
         * anon 不需要认证 来宾
         * authc 需要认证
         * 所有来宾请求放在认证请求的上面
         */
        map.put("/users/loginShiro","anon");//登录
        map.put("/users/register","anon");//注册


        // 针对Swagger拦截放行
        map.put("/doc.html", "anon");
        map.put("/swagger-ui.html", "anon");
        map.put("/swagger/**", "anon");
        map.put("/swagger-resources/**", "anon");
        map.put("/v2/**", "anon");
        map.put("/webjars/**", "anon");
        map.put("/configuration/**", "anon");

        // 拦截所有
        map.put("/**","authc");


        //添加拦截规则
        factoryBean.setFilterChainDefinitionMap(map);

        return factoryBean;
    }

    /**
     * Shiro想实现注解需要简单配置一下 配置AOP
     */
    @Bean
    public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator(){
        DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        advisorAutoProxyCreator.setProxyTargetClass(true);
        return advisorAutoProxyCreator;
    }
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager){
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }


}
